CVE-2025-66254

Name of the Vulnerable Software and Affected Versions DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30 through 7000

Description An unauthenticated attacker can delete arbitrary files. The deleteupgrade parameter within the /var/www/upgrade contents.php file allows for the deletion of files located in the /var/www/upload/ directory without any restrictions on file extensions or path sanitization. This enables the removal of critical system files.

Recommendations Mozart FM Transmitter version 30: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mozart FM Transmitter version 50: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mozart FM Transmitter version 100: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mozart FM Transmitter version 300: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mozart FM Transmitter version 500: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mozart FM Transmitter version 1000: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mozart FM Transmitter version 2000: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mozart FM Transmitter version 3000: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mozart FM Transmitter version 3500: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mozart FM Transmitter version 6000: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Mozart FM Transmitter version 7000: At the moment, there is no information about a newer version that contains a fix for this vulnerability.